Between the rampaging llamas and a photo optical illusion the internet has been a silly, silly place the last 24 hours.
I have a little present for folks. I hinted there may be pictures from Kilt Day at M3AAWG in an earlier post.
There are, and all of the subjects have granted permission for me to share the photos here. Follow me below the cut.
A bunch of folks working so very hard to protect the internet against abuse, spam and malware.
Yes, it’s true. Gmail announced last Thursday at M3AAWG that they were piloting a new Feedback loop.
The Gmail FBL is currently for ESPs only. The announcement during MAAWG was that only MAAWG ESP members were eligible. They are requiring a DKIM signature for the FBL, but ESPs using individual customer d= values can get a FBL based on IPs. They are also not providing ANY information that reveals the complainer. Gmail’s intention is only to give ESPs feedback so that ESPs can prevent abuse. They are not giving feedback so complainers can be removed.
The email has a .csv attachment that has 3 columns: date, identifier and complaint rate.
The identifier is an ESP provided customer identifier. One of the ESPs I talked to said they were adding an X-header into their emails.
I’ve heard from beta testers that there is a minimum of 100 complaints before you’ll get any report.
Reports are sent daily if there is sufficient traffic to trigger them.
If you’re a MAAWG member, check the senders list for the signup URL.
M3AAWG is on a roll lately with published documents. They recently released the Compromised User ID Best Practices (pdf link).
Read MoreThe M3AAWG keynote address today was a talk from Ladar Levinson about the shut down of Lavabit mail service after receiving demands from the NSA to hand over their SSL keys.
@maawg tweeted different quotes from the session. There is a conflict between privacy and security, and these are questions we need to resolve.
Ladar talked about his potential new service called darkmail, which pushes encryption back to the user level. I think there is relevance to this, as many online services are used for political and other organizing. As someone said to me last night, some of the people using our service could be killed if we don’t protect their privacy. He wasn’t speaking of the US residents, but people in places like Ukraine or Arab countries or other places undergoing violent revolutions.
Privacy is important, how we treat privacy is important. Handing over SSL keys to governments strikes me as a big problem.